Mutual SSL

[Chris Mannion <ch...@itjunction.com>]

Hi all

I'm writing a client to hook up with a remote web-service (ie not one that I've developed) which requires a mutually authenticated SSL connection.  I have both a client certificate and a root certificate installed in my Java keystore to make the connection but on making an Axis call to the webservice I recieve an error from the server which the owners, having checked their logs, tell me is because my client doesn't "present" it's client certificate.

Looking back through the mailing list all the solutions to getting SSL working seem to depend on setting system properties to point at the correct keystore containing the certificates.  However, before I got this far I was receiving exceptions on trying to open the soap connection to the server when the root certificate couldn't be found to authenticate the server.  In solving that error I made sure the certificates are installed in Java's default keystore.  As such I didn't think editing system properties to point at the keystore would make any difference, and it didn't.

Are there any properties to be set to force the connection opened to be a MUTUAL SSL connection and to specify which certificate my client should present to the server?

I did also find one suggestion on the mailing list
http://marc.theaimsgroup.com/?l=axis-dev&m=112368752122921&w=2
which included writing a customer SocketFactory, though it doesn't explain how various things such as specifying a mutual connection etc.

Any help would be very much appreciated as the many, many old suggestions have only helped confuse me more about the topic.


Chris Mannion
IT Junction
020 8452 4274